CVE-2010-0789
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2010-0789 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2010-0789
This issue affects Red Hat Enterprise Linux 5 because it ships fusermount suid root, however the impact of this flaw is minimized due to the fact that only members in group fuse may use it the executable is owned root:fuse and mode 4750.
Red Hat Enterprise Linux 3 and 4 do not provide the fuse package.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 1.7 |
|---|---|
| Base Metrics | AV:L/AC:L/Au:S/C:N/I:N/A:P |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | fuse | Not affected |
| Red Hat Enterprise Linux 5 | fuse | Will not fix |
Acknowledgements
Red Hat would like to thank Dan Rosenberg for responsibly reporting these flaws.CVE description copyright © 2017, The MITRE Corporation